We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.

It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.

I use a customized version of passwordmaker.org ...this let's me hash together one master password with various other details to generate completely unique usernames and passwords for every single online account that I have. I sleep easy knowing that if my password on one service (like mtgox) has been compromised, that my password (or username) is not compromised on other services. I highly recommend it (it can be a little inconvenient though).

We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.

It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.

One have to be an idiot to believe that statement, someone has 500k+ btc just sitting in their mtgox account? lol

Man from the future, you seem to know this stuff. How hard would it be for people to bruteforce or crack a reasonably strong password with the encryption in the MtGox file? Say 10 characters alphanumeric.

Man from the future, you seem to know this stuff. How hard would it be for people to bruteforce or crack a reasonably strong password with the encryption in the MtGox file? Say 10 characters alphanumeric.

If the hacker also got their hand on the mtgox sourcecode, it's pretty trivial to crack, probably 5-10 accounts per hour depending on password strength.

lol wow that password hash is just begging to be cracked. That kind of length of total output hash is like the luggage lock of electronic security... Even salted sufficiently that is just not adequate.

I would like to echo the previous poster who said they have stronger encryption in a game they develop...